module.exports = () => {
    // 返回中间件函数
    return async function permission(ctx, next) {
		const  action=ctx.event.action;
		const permission =action.replace(/(\\|\/)/g,"_").toUpperCase();
		const arr=action.split('/')
		let user=null
		if(Array.isArray(arr)){
				user=arr[0]
		}
		if (!ctx.auth || 
			!ctx.auth.role.includes('admin') &&
			!ctx.auth.role.includes(user) &&
			!ctx.auth.permission.includes(permission)){
		    ctx.throw('FORBIDDEN', '禁止访问');
		}
        await next() // 执行后续中间件
    }
}
